Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 13/12/2023 Updated: 18/12/2023

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 0

An issue exists by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error. Elastic has released Kibana 8.11.1 which resolves this issue. The error message recorded in the log may contain account credentials for the kibana_system user, API Keys, and credentials of Kibana end-users. The issue occurs infrequently, only if an error is returned from an Elasticsearch cluster, in cases where there is user interaction and an unhealthy cluster (for example, when returning circuit breaker or no shard exceptions).

Vulnerable Product	Search on Vulmon	Subscribe to Product
elastic kibana

DescriptionA flaw was found in Kibana, where exposure of sensitive information in log files may occur In some uncommon conditions, if error messages are returned, the log may contain account credentials for the kibana_system 64 user, API Keys, and credentials of Kibana end-usersA flaw was found in Kibana, where exposure of sensitive inform ...

CWE-532 https://discuss.elastic.co/t/8-11-1-7-17-15-security-update-esa-2023-25/347149 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2023-46671

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-46671

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect